High-Risk Payment Processing in the UK Post-Brexit: FCA Rules & Best Processors

TL;DR: Brexit severed UK merchants from the EU's single payment market, tightened FCA oversight of payment providers, and created a new compliance layer that high-risk merchants must navigate separately from their European operations. The good news: the UK has a deep, mature high-risk payment processing ecosystem, but accessing it correctly requires understanding the post-Brexit regulatory landscape first.
Before Brexit, a UK high-risk merchant could access the entire European payment infrastructure through a single FCA or EU-passported licence. A payment provider regulated in Lithuania or Malta could serve UK merchants without additional authorisation. That world ended in January 2021, and the UK's high-risk payment processing landscape has been reconfiguring ever since.
In 2026, the UK operates an entirely independent payment regulatory framework, built on FCA authorisation, the Payment Services Regulations 2017 (PSR 2017), and a post-Brexit rulebook that diverges from EU norms in important ways. For high-risk merchants operating in or targeting the UK market, understanding this framework is not optional.

What Changed for High-Risk Merchants After Brexit


The End of EU Passporting
The most immediate post-Brexit impact on UK payment processing was the loss of EU passporting, the mechanism that allowed a payment provider regulated in any EU member state to operate across the entire EU and UK without separate national authorisation.
When the UK left the single market, EU-licensed payment providers lost the right to serve UK merchants automatically. They faced a choice: obtain separate FCA authorisation, establish a UK subsidiary, or exit the UK market.
The result: several EU-headquartered payment providers withdrew from direct UK servicing, while others established UK entities to maintain market access. For high-risk merchants, this created a period of disruption as provider relationships were reassessed and renegotiated.
The FCA's Tightened Payments Oversight
The FCA, the Financial Conduct Authority, is the UK's primary regulator for payment services. Post-Brexit, it has operated with greater independence from EU regulatory frameworks and has consistently signalled that it expects payment providers to apply robust due diligence, particularly for high-risk payment categories.
Key post-Brexit FCA developments affecting high-risk merchants:
- Enhanced AML/CFT requirements: The FCA's 2023 and 2024 supervisory priorities explicitly named payment firms as a focus area for anti-money laundering enforcement
- De-risking scrutiny: The FCA has publicly criticised unjustified de-risking (banks and payment providers refusing to serve legitimate businesses) and issued guidance on proportionate risk assessments
- Consumer Duty (2023): Applies to payment firms serving retail customers, requiring fair treatment and appropriate product design, relevant to high-risk merchants offering consumer-facing payment products
- PSR oversight: The Payment Systems Regulator (PSR), operationally separate from the FCA but closely related, regulates card payment systems in the UK and has been active on interchange, scheme fees, and merchant access
The Temporary Permissions Regime and Its Expiry
Post-Brexit, EU-based payment providers that wanted to continue serving UK customers were placed in the Temporary Permissions Regime (TPR), a transitional arrangement allowing EU-passported firms to continue operating temporarily while seeking FCA authorisation or winding down UK activities.
The TPR substantially wound down by 2023. By 2026, payment providers serving UK high-risk merchants must hold direct FCA authorisation (as Payment Institutions or Electronic Money Institutions) or operate through a UK-incorporated subsidiary with FCA standing. Offshore merchants or merchants working with non-UK payment providers should verify their provider's current FCA status before processing UK-origin transactions.

The UK Regulatory Framework for High-Risk Payment Processing


FCA Authorisation: What Your Payment Provider Needs

Any payment provider processing payments in the UK must hold one of the following FCA authorisations:
Licence Type
Scope
Typical Holder
Authorised Payment Institution (API)
Full payment services including merchant acquiring
Banks, large PSPs, acquirers
Small Payment Institution (SPI)
Payment services below £3M monthly volume threshold
Smaller PSPs, niche processors
Authorised Electronic Money Institution (AEMI)
E-money issuance + payment services
Digital wallets, prepaid card providers
Small Electronic Money Institution (SEMI)
E-money below £5M outstanding limit
Smaller EMI operators
 
For high-risk merchants, working with an Authorised Payment Institution or Authorised Electronic Money Institution is strongly recommended, they carry the broadest regulatory permissions and the most rigorous oversight, which translates to greater operational stability.
Always verify your payment provider's FCA registration at the FCA's Financial Services Register (register.fca.org.uk) before signing a processing agreement.
PSR 2017: The Core UK Payments Rulebook
The Payment Services Regulations 2017, the UK's transposition of the EU's PSD2 Directive, remains the primary legislative framework for UK payment services post-Brexit. Key provisions relevant to high-risk merchants:
- Merchant rights: PSR 2017 gives merchants rights around payment gateway access, surcharging rules, and transaction data access
- Strong Customer Authentication (SCA): Applies to UK electronic payments; requires two-factor authentication for online card transactions over £30 (with exemptions)
- Refund rights: Defined rights around unauthorised transaction refunds
- Contract termination notice: Payment providers must give merchants at least 2 months' notice before terminating a processing contract
The UK government is also consulting on PSR 2017 reforms in 2025–2026 as part of its post-Brexit regulatory divergence programme, merchants should monitor FCA and HM Treasury communications for updates that may affect high-risk payment processing obligations.
Strong Customer Authentication (SCA) in the UK
SCA, requiring two factors of authentication for electronic payments, is enforced in the UK under PSR 2017, with the FCA applying the same broad framework as the EU's PSD2. However, post-Brexit, UK SCA has developed independently in some areas:
- UK SCA exemptions: (low-value transactions, trusted merchant lists, low-risk transactions) broadly mirror EU exemptions but are applied at FCA discretion
- The UK has introduced: specific guidance on transaction risk analysis (TRA) exemptions that allows payment providers to bypass SCA on transactions below defined fraud thresholds
- High-risk merchants: in categories with elevated fraud rates may find TRA exemptions less available to them, issuers and acquirers apply stricter thresholds

High-Risk Industries in the UK: Regulatory Context


Not all high-risk payment categories are treated equally by UK regulators. Some carry specific licences or regulatory requirements beyond standard FCA payment processing authorisation.
Online Gambling
The UK Gambling Commission (UKGC) licenses online gambling operators. High-risk merchants in this category must hold a valid UKGC licence, and their payment providers must be comfortable processing for UKGC-licensed operators. Post-Brexit, the UKGC has increased its oversight of payment flows to and from gambling operators, including requirements around responsible gambling checks and deposit limits.
Financial Services (Forex, CFD, Crypto)
FCA authorisation is required for UK-facing forex, CFD, and crypto firms, not just their payment providers. High-risk merchants in these categories operating without proper FCA authorisation cannot legally access compliant UK payment processing infrastructure.
Adult Content
Adult content merchants face the additional requirement of complying with the UK's Online Safety Act (2023), which includes age verification requirements for adult content platforms. Payment providers serving adult content merchants in the UK will increasingly require evidence of age verification compliance as part of merchant onboarding.
Nutraceuticals and Supplements
UK-based nutraceutical merchants must comply with MHRA (Medicines and Healthcare products Regulatory Agency) guidance on health claims. High-risk payment processing in this category is available from specialist acquirers but requires clear product compliance documentation during onboarding.

Top Payment Processors for High-Risk Merchants in the UK (2026)


Provider
High-Risk Verticals
FCA Status
Key Strength
Nuvei
Gambling, forex, adult, crypto
FCA Authorised (API)
Broad vertical coverage, multi-currency
PaynoPain / Pagantis
Subscriptions, adult, nutraceuticals
EU-licensed + UK partnerships
Recurring billing specialist
Payvision (ING)
Gambling, adult, forex
FCA Authorised
Strong EU + UK coverage post-Brexit
Worldpay (FIS)
Enterprise high-risk, gambling
FCA Authorised (API)
Scale, stability, broad acquirer network
Credorax (Bluesnap)
Forex, digital goods, subscriptions
FCA Authorised
European + UK issuer relationships
Sofort / Klarna
General high-risk e-commerce
FCA Authorised (AEMI)
BNPL + payment processing combined
Fondy
SME high-risk, e-commerce
FCA Registered
Cost-effective for smaller merchants
TheFinRate note: Always verify current FCA registration and vertical-specific acceptance policies directly with each provider. Acceptance policies change, and FCA status must be confirmed at register.fca.org.uk.

Post-Brexit vs Pre-Brexit: What Actually Changed for High-Risk Merchants


Factor
Pre-Brexit
Post-Brexit (2026)
EU passporting
UK merchants accessed EU PSPs freely
No passporting — UK and EU now separate
SCA framework
UK followed PSD2 SCA
Independent UK SCA under PSR 2017
Provider choice
Full EU + UK provider market
EU providers need FCA authorisation for UK
SEPA access
UK banks participated in SEPA
UK banks excluded from SEPA since Brexit
Card scheme fees
EU IFR interchange caps applied
UK maintains own IFR equivalent via PSR
Data transfers
EU-UK data flows unrestricted
Adequacy agreement in place (under review)
Regulatory divergence
UK aligned with EU rulebook
Growing divergence as UK adapts framework
The SEPA Exclusion Impact
One often-overlooked post-Brexit change: UK banks are no longer participants in SEPA, the EU's payment rail network. This means UK merchants cannot receive SEPA credit transfers or direct debits as a domestic payment method, and cross-border payments between UK and EU bank accounts now route through international wire infrastructure rather than SEPA.
For offshore merchants with banking in both the UK and EU, this creates a practical split: separate banking relationships are needed for EUR-denominated and GBP-denominated operations.

Pros and Cons of UK High-Risk Payment Processing Post-Brexit


Pros
- Mature, deep high-risk ecosystem: The UK has one of the most developed specialist high-risk payment processing markets in the world, with multiple FCA-authorised providers experienced in high-risk verticals
- Regulatory clarity: Independent FCA framework provides a single, clear rulebook for UK-focused operations
- PSR merchant protections: 2-month termination notice, SCA exemption frameworks, and defined dispute rights protect high-risk merchants better than in some other jurisdictions
- FCA de-risking scrutiny: The FCA's scrutiny of unjustified de-risking provides a degree of protection against arbitrary merchant account terminations
- English law contracts: UK payment agreements governed by English law provide a well-understood, commercially predictable framework
Cons
- SEPA exclusion: No domestic access to EU payment rails; cross-border EU payments are more expensive and slower than pre-Brexit
- Dual compliance burden: High-risk merchants operating in both UK and EU must now maintain separate compliance programmes for FCA and relevant EU regulators
- Reduced provider competition: Some EU-headquartered payment providers exited the UK market post-Brexit, reducing the competitive pool for certain high-risk verticals
- Data transfer uncertainty: The EU-UK data adequacy agreement (which enables data flows for payment processing) is under ongoing review
- Growing regulatory divergence: UK and EU rules are diverging over time, increasing compliance complexity for merchants operating across both markets

Frequently Asked Questions


Q: Can an EU-licensed payment provider still process UK payments post-Brexit? A: Only if they hold direct FCA authorisation or operate through a UK-incorporated subsidiary with FCA standing. EU passporting no longer applies. Always verify on the FCA Register before contracting.
Q: Does the UK's SCA requirement apply to all high-risk merchants? A: SCA applies to all UK-facing electronic payment transactions over £30, with defined exemptions. High-risk merchants in elevated-fraud categories may find fewer exemptions available to them. Work with your payment gateway to configure SCA correctly for UK transactions.
Q: Can offshore merchants access UK payment processing? A: Yes, offshore merchants can access UK payment processing through FCA-authorised payment providers. The merchant's incorporation jurisdiction does not determine UK processing eligibility; the payment provider's FCA status and their specific vertical acceptance policies do.
Q: How does post-Brexit UK regulation affect gambling payment processing? A: UK online gambling operators must hold a UKGC licence, and their payment providers must be willing to process for UKGC-licensed operators. The FCA and UKGC have increased joint oversight of gambling payment flows post-Brexit, including enhanced AML requirements.
Q: Are UK interchange fees still capped post-Brexit? A: Yes, the UK maintains its own version of the EU Interchange Fee Regulation, capping consumer debit interchange at 0.2% and credit at 0.3%. The PSR oversees this regime independently from the EU's IFR.
Q: What is the biggest compliance challenge for high-risk merchants in the UK in 2026? A: Managing dual UK/EU compliance obligations simultaneously, particularly for high-risk merchants that serve both markets. As UK and EU regulatory frameworks diverge further, maintaining compliant payment processing in both markets increasingly requires separate provider relationships, separate compliance programmes, and careful attention to cross-border data transfer rules.

Final Thoughts


Post-Brexit UK high-risk payment processing is more complex than it was before 2021, but it is also more navigable than many merchants assume. The UK has a deep, FCA-regulated ecosystem of specialist high-risk payment processors, strong merchant protection rules under PSR 2017, and a regulator that has explicitly criticised unjustified de-risking.
The merchants who operate successfully in this environment are the ones who understand the FCA framework, work with properly authorised payment providers, and treat UK compliance as a separate discipline from their EU operations.
→ Compare FCA-authorised high-risk payment processors and UK merchant account providers on TheFinRate's directory.

https://thefinrate.com/high-risk-payment-processing-in-the-uk-post-brexit-fca-rules-best-processors/

Comments

Post a Comment

Popular posts from this blog

Top Payment Gateways That Support Global Transactions

Image
In today’s digital economy, businesses need reliable and secure top payment gateways to process transactions from customers worldwide. Whether you’re running an e-commerce store, a SaaS business, or a subscription service, choosing the right top payment gateway is crucial for seamless global payments. What Makes a Payment Gateway Ideal for Global Transactions? When selecting a top payment gateway , look for the following features: Multi-Currency Support – Ability to accept and process payments in various currencies. Global Coverage – Availability in multiple countries. Security & Compliance – Adherence to PCI DSS standards and fraud prevention measures. Payment Methods – Support for credit/debit cards, digital wallets, and local payment options. Integration & Compatibility – Easy integration with e-commerce platforms and APIs. Benefits of Using a Global Payment Gateway A top payment gateway offers several advantages for businesses operating on a global scale: Increased...
Read more

Neo Banking vs. Challenger Banks: Key Differences & Market Trends

Image
  Introduction The financial landscape has evolved rapidly, with traditional banking models being disrupted by fintech innovations. Two significant players in this evolution are neo banks and challenger banks . While both offer digital-first banking solutions, they differ in regulatory frameworks, services, and target markets. In this article, we’ll explore the key differences between neo banks and challenger banks, their respective market trends, and what the future holds for digital banking. What is a Neo Bank? A neo bank is a digital-only banking platform that operates without a physical branch. Unlike traditional banks, neo banks do not hold a banking license; instead, they partner with licensed financial institutions to offer banking services. Features of Neo Banks: Fully Digital Experience: No physical branches, with services accessed through mobile apps and websites. Third-Party Partnerships: Neo banks rely on licensed banking partners for operat...
Read more

Understanding Payment Gateways: What They Are and How They Operate

Image
What is a Payment Gateway? A payment gateway is a technology that allows merchants to process payments securely from customers. It serves as an intermediary between the customer, the merchant, and financial institutions, ensuring transactions are completed safely and efficiently. How Payment Gateway Works? Step 1: Adding a Payment Gateway Once your online store is set up, integrating a payment gateway is the first step to enabling secure transactions. This allows both merchants and customers to process payments safely. Methods of Integration: API Integration: Ideal for custom websites and apps, offering maximum flexibility. Plugin Integration: Best for platforms like WordPress, Shopify, WooCommerce, and Wix. SDK Integration: Allows developers to build a custom payment experience for mobile apps or websites. Step 2: Customer Makes a Purchase Customers select products and proceed to checkout, choosing their preferred payment method (credit/debit card, UPI, etc.). The payment gateway ...
Read more